Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0310

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0310
Last Modified 10 Sep 2008 08:00:55
Published 31 May 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0310

Summary

Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879.

Vulnerable Systems

Application

  • Netwin Webnews 1.1h

  • Netwin Webnews 1.1i

  • Netwin Webnews 1.1j

  • Netwin Webnews 1.1k


References

XF - webnews-cgi-default-accounts(8255)

BUGTRAQ - 20020221 Netwin Webnews 1.1k

BID - 4156


Last Updated: 27 May 2016 10:36:52